Lately I noticed something strange. I configured an ISA server as reverse proxy for OWA. The customer demanded the ability for users to change their password through OWA. I configured the OWA listener with LDAPS authentication against the Active Directory and enabled the option to select “I want to change my password after logging on” like shown below.
I tested the environment by logging in and changing the password. Everything looks okay and the password is changed correctly. I tried some extra test. I opened another browser and tried to login with the old password, which succeeded. I could now login with the old and the new password.
Strange to me…..so I tried some more test. The customer is using an SSL portal with RADIUS authentication to the same Active Director. So I tried to log in with the old and new password. I guess you know the answer. It was possible to login with both password. Another test was login in to the network components, which also use RADIUS against the Active Directory. Again the test were positive.
The last test was login in on a workstation. With this test, I could only login in with the new password and not the old one. Strange to me…… After one hour I tried again, and this time it was only possible to login with the new password.
I guess there is some kind of period where you can use both password. Maybe someone noticed this before and knows more about it…
I have a customer running a Barracuda SPAM firewall 300. The customer has the specific request that only the administrator can look at Quarantine messages and users shouldn’t get their own Quarantine inbox. To accomplish this I have configured the Quarantine Type: Global.
I see that all Quarantine messages are delivered in the globally configured mailbox. But sometimes the Barracadu still automatically creates an Account Address under the Users tab. The user from that Account has than the ability to look at their own quarantine messages. I thought it would help to configure the option New User Quarantine State to No, but this has no affect.
Does somebody know who to disable the function to automatically create User Accounts on the Barracuda SPAM firewall 300…??